POWERED BY MOMENTUM MEDIA
Email security lapses widespread among super funds
Earlier this month, several Australian superannuation funds fell victim to credential stuffing attacks, which saw a small number of members lose more than $500,000.
Sadly, it appears many such funds are still prone to compromise.
Cyber security firm Proofpoint has released new research into the email security of Australian super funds and the most alarming statistic is that 58 per cent of funds are falling behind on the most basic security measures.
“Australian superannuation funds hold the financial futures of millions of everyday Australians, yet our research reveals 58 per cent are failing to implement basic email security protocols,” said Steve Moros, senior director, advanced technology group, Asia Pacific and Japan at Proofpoint.
“This security gap creates a dangerous opening for cyber criminals who specifically target these data-rich organisations.”
Proofpoint conducted Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of more than 80 Australian funds and found that 8 per cent don’t have any DMARC protection at all, while only 42 per cent have the highest level of DMARC protection.
DMARC has three levels of protection – monitor, quarantine, and reject, the latter of which is the highest level of protection. The protocol is designed to prevent domain names from being misused by cyber criminals.
According to the research, 23 per cent of Australian funds use the quarantine level of protection and 27 per cent use the monitor level.
“The recent breach resulting in over $500,000 in losses demonstrates these threats aren’t theoretical and, in fact, regular occurrences growing in volume. They’re actively impacting Australians’ retirement savings,” Moros said.
“While resource constraints are understandable, implementing robust DMARC protection isn’t optional in today’s threat landscape – it’s essential infrastructure that stands between members’ life savings, their privacy and increasingly sophisticated fraud campaigns targeting these critical financial institutions.”
The analysis was conducted based on a list of APRA-regulated super funds in April this year.
Earlier this month, speaking at Momentum Media’s Election 2025 breakfast event in Sydney, Mary Delahunty, CEO of the Association of Superannuation Funds of Australia (ASFA), took a moment to address the cyber incident that gripped some Australian super funds last week.
Initially, the funds affected by the incident included Rest, Hostplus, AustralianSuper, Insignia’s Expand platform, and Australian Retirement Trust, followed later by Cbus Super and Media Super, which raised alarms after a surge of suspicious login attempts.
“I’m sure all of you are aware of the cyber incident that affected several superannuation funds recently. It’s now being investigated by police and government authorities,” Delahunty said.
“While I can’t say a lot at the moment, I can say that the cyber criminals undertook a coordinated, well-funded and sophisticated attack on our system.
“The superannuation sector is taking this extremely seriously, as we should.”
Delahunty said at the time that reviews are underway to assess where further protections are needed.
Recommended for you
Volatile markets driven by shifting US tariff policy failed to rattle Australia’s superannuation system in April, with balanced options inching upward.
ASFA has urged greater transparency and fairness in the way superannuation levies are set and spent.
Labor’s re-election has reignited calls to strengthen Australia’s $4.2 trillion super system, with industry bodies urging swift reform amid economic and demographic shifts.
A major super fund has defended its use of private markets in a submission to ASIC, asserting that appropriate governance and information-sharing practices are present in both public and private markets.
TOP PERFORMING FUNDS
ACS FIXED INT - AUSTRALIA/GLOBAL BOND
Fund name
3y(%)pa
1
DomaCom DFS Mortgage
93.34 3 y p.a(%)
2
Global X GlobalX FANG+ ETF
36.96 3 y p.a(%)
3
GAM LSA Private Shares AU I
34.22 3 y p.a(%)
4
VanEck Video Gaming and eSports ETF (AU)
28.89 3 y p.a(%)
5
Plato Global Alpha A
28.83 3 y p.a(%)
